The present invention relates to mobile Internet access and in particular, though not necessarily, to mobile Internet access with a mobile wireless host.
With the increasing use of the Internet, interest has grown in the possibility of accessing the Internet using mobile hosts which are able to roam between access networks. These access networks may be networks to which the mobile hosts are connected via fixed lines or may be wireless networks to which the mobile hosts are connected using a radio interface. Examples of fixed line networks are Ethernet networks whilst examples of wireless networks are mobile telephone networks as well as wireless Local Area Networks (LANs).
A difficulty which must be overcome in order to fully implement mobile Internet access with roaming is the need to authenticate and/or authorise a roaming host (or rather the subscriber using the mobile host) which uses a foreign network as its access network. It is generally envisaged that such a roaming host should belong to a subscriber of some other network, i.e. the subscriber's 'home' network, and that the foreign access network must contact this home network in order to authorise the roaming host.
One disadvantage of this proposal is that it does not enable a mobile host to access the Internet anonymously. That is to say that in order to access the Internet a roaming host must disclose its identity either to the access network or to some other home network. Another disadvantage is that a trust relationship must exist between the home network and the access network in order that the networks can confidently exchange billing information. Whilst it may be straightforward to establish a trust relationship between two telecoms operators for example, it may be more difficult where the access network is a wireless Local Area Network operated, for example, in an Internet café.
According to a first aspect of the invention there is provided a method of authorising an Internet Protocol (IP) enabled mobile host to access the Internet via an access network, the method comprising:
negotiating an IP address between the mobile host and the access network and/or other hosts attached to the access network;
sending electronic cash or other authentication message from the mobile host to a control point within the access network; and
confirming at the control point the authenticity of said electronic cash or authentication message and, providing that confirmation is made, sending an authorisation message from the control point to an IP node,
wherein the IP node blocks the transmission of IP packets between the mobile host and the Internet prior to receipt of said authorisation message and permits the passage of IP packets only after an authorisation message has been received.
Anonymous access is possible where a mobile host has access to electronic cash which can be transferred from the mobile host to the access network. Providing that sufficient electronic cash is transferred to the access network, the access network may authorise the mobile host to access the Internet without the need to refer to some other home network of the mobile host.
It will be appreciated that the present invention is applicable in particular to IPv6.
Preferably, upon receipt of the electronic cash at the control point, the control point contacts a bank, or other electronic cash provider or node of the access network, in order to authenticate and ensure the sufficiency of the received electronic cash. Providing that the bank (or cash provider or other node) returns a confirmation or authentication message to the control point, the control point is able to send the authorisation message to the IP node in order to allow the passage of IP data packets between the mobile host and the Internet.
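The gating described above, as an added sketch that is not part of the original text: the IP node denies by default, and the control point sends the authorisation only after the bank confirms the cash. The class names, the PRICE value, the token strings and the bank's refusal of already-spent tokens are assumptions of this example.

```python
PRICE = 5  # constructed: units of electronic cash required for access


class Bank:
    """Stand-in for the bank or e-cash provider the control point consults."""

    def __init__(self, issued):
        self.issued = dict(issued)  # token -> value (constructed sample data)
        self.spent = set()

    def confirm(self, token, required):
        value = self.issued.get(token)
        if value is None or token in self.spent or value < required:
            return False  # unknown, already spent, or insufficient
        self.spent.add(token)
        return True


class IPNode:
    """Blocks by default; forwards only for hosts it has been told to authorise."""

    def __init__(self):
        self.authorised = set()

    def authorise(self, host_addr):
        # Models receipt of the authorisation message from the control point.
        self.authorised.add(host_addr)

    def forward(self, host_addr, peer_addr):
        # Same decision in both directions: only the mobile host's state matters.
        return host_addr in self.authorised


class ControlPoint:
    """Receives the payment and decides whether the IP node is told to open."""

    def __init__(self, bank, ip_node):
        self.bank = bank
        self.ip_node = ip_node

    def receive_payment(self, host_addr, token):
        if not self.bank.confirm(token, PRICE):
            return False  # no authorisation message is sent; node keeps blocking
        self.ip_node.authorise(host_addr)
        return True
```

The IP node never sees the cash and the control point never forwards packets, so a failed or missing confirmation leaves the host in the blocked state rather than a partially open one.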
Preferably, electronic cash payments are incorporated into IP packets sent from the mobile host to the control point. More preferably, the payments are incorporated into the option field of IP packets. Other payment related messages may also be incorporated into IP packets. These include: a price enquiry message sent from the mobile host to the control point, a price list message sent from the control point to the mobile host, and a request for further payment also sent from the control point to the mobile host.
As an alternative to the use of electronic cash, the mobile host may transmit a password or certificate to the control point. The authenticity of the password or certificate may then be checked with a foreign network operator or the like.
Preferably, said IP node provides routing functionality for IP data packets. This node may also provide for protocol conversion between the carrier protocol used by the access network, and that used by the Internet. However, where the carrier protocol of the access network is compatible with that of the Internet, no such conversion may be required. The control point and the IP node may be co-located. Electronic cash or said other authentication message may be sent to the control point via the router. The payments may be piggybacked onto IP datagrams. Payments or authorisation messages may be extracted by the router and forwarded to the control point.
Preferably, said step of negotiating an IP address is carried out in response to the sending of an IP access request from the mobile host to said IP node within the access network. Alternatively, the negotiation may be initiated by receipt of a network advertisement message broadcast by the access network.
The step of negotiating an IP address between the mobile host and the access network may comprise sending an IP address or part thereof from the IP node, or another network node, to the mobile host. In certain embodiments of the present invention, subsequent to receipt of the access request at the IP node, the IP node or other network node returns to the mobile host an IP address prefix. The remainder of the IP address may be provided or generated by the mobile host itself. This remaining part of the IP address may be an International Mobile Subscriber Identity (IMSI) code in the case where the access network is a mobile telephone network and the mobile host is a mobile telephone host or the like. Where the access network is a fixed line access network, the remaining part of the IP address may be the address of the mobile host within that network, e.g. an Ethernet address in the case of an Ethernet network.
Said other network node may be a DHCP server. The control point may be incorporated into the DHCP server, so that the e-cash payments are received by the DHCP server. The DHCP server sends open and close messages to said IP node to unblock or block the flow of IP packets to and from said IP node.
The term "negotiating" used above encompasses a step of sending a Neighbour Solicitation message from the mobile host to other hosts connected to the network. In the event that there is an IP address collision, a host may respond by sending a Neighbour Advertisement message to the mobile host.
The access network may be a wireless Local Area Network (LAN) or Wide Area Network (WAN). In this case, where the IP node returns a part of an IP address, the remainder of the address may correspond to the address of the host in the access network, e.g. an Ethernet address. Alternatively, the access network may be a mobile telecommunications network such as a GSM network or a UMTS network.
Preferably, the method of the present invention comprises temporarily allocating to the mobile host a home agent located in the access network. More preferably, this allocation exists for the duration of the Internet connection. The home agent is responsible for routing datagrams to the mobile host in the event that the mobile host roams within the access network and may also remain responsible when the mobile host roams out of the access network into a new access network.
Preferably, the method comprises informing an Internet server of the IP address allocated to the mobile host, or of an IP address of an allocated home agent. The server maintains a mapping between mobile host identities and temporary IP addresses/home agent addresses for subscribing mobile hosts. A correspondent host wishing to communicate with the mobile host sends a mobile host identifier to the server. The server may either forward the message to the mobile host or may return the temporary address to the correspondent host. In the former case, the Internet server may be a Call Control server (using the Session Initiation Protocol (SIP)), whilst in the latter case the Internet server may be a Domain Name System (DNS) server.
According to a second aspect of the present invention there is provided apparatus for use in enabling an Internet Protocol (IP) enabled mobile host to access the Internet, the apparatus comprising:
means for conducting a negotiation between the mobile host and the access network and/or other hosts attached to the access network to allocate a mobile address to the mobile host; and
a control point within the access network for receiving electronic cash or other authentication message sent from the mobile host and for confirming the authenticity of the sent electronic cash or authentication message and, providing that confirmation is made, for sending an authorisation message to an IP node,
the IP node being arranged in use to block the transfer of messages between the mobile host and the Internet prior to receipt of an authorisation message from the control point and being arranged to allow the transfer upon receipt of the authorisation message.